<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>35.5. crypt — Function to check Unix passwords &mdash; Python 3.4.3 documentation</title>
    
    <link rel="stylesheet" href="../_static/pydoctheme.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../',
        VERSION:     '3.4.3',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/sidebar.js"></script>
    <link rel="search" type="application/opensearchdescription+xml"
          title="Search within Python 3.4.3 documentation"
          href="../_static/opensearch.xml"/>
    <link rel="author" title="About these documents" href="../about.html" />
    <link rel="copyright" title="Copyright" href="../copyright.html" />
    <link rel="top" title="Python 3.4.3 documentation" href="../index.html" />
    <link rel="up" title="35. Unix Specific Services" href="unix.html" />
    <link rel="next" title="35.6. termios — POSIX style tty control" href="termios.html" />
    <link rel="prev" title="35.4. grp — The group database" href="grp.html" />
    <link rel="shortcut icon" type="image/png" href="../_static/py.png" />
    <script type="text/javascript" src="../_static/copybutton.js"></script>
    <script type="text/javascript" src="../_static/version_switch.js"></script>
    
 

  </head>
  <body>  
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../genindex.html" title="General Index"
             accesskey="I">index</a></li>
        <li class="right" >
          <a href="../py-modindex.html" title="Python Module Index"
             >modules</a> |</li>
        <li class="right" >
          <a href="termios.html" title="35.6. termios — POSIX style tty control"
             accesskey="N">next</a> |</li>
        <li class="right" >
          <a href="grp.html" title="35.4. grp — The group database"
             accesskey="P">previous</a> |</li>
        <li><img src="../_static/py.png" alt=""
                 style="vertical-align: middle; margin-top: -1px"/></li>
        <li><a href="https://www.python.org/">Python</a> &raquo;</li>
        <li>
          <span class="version_switcher_placeholder">3.4.3</span>
          <a href="../index.html">Documentation</a> &raquo;
        </li>

          <li><a href="index.html" >The Python Standard Library</a> &raquo;</li>
          <li><a href="unix.html" accesskey="U">35. Unix Specific Services</a> &raquo;</li> 
      </ul>
    </div>    

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <div class="section" id="module-crypt">
<span id="crypt-function-to-check-unix-passwords"></span><h1>35.5. <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><tt class="xref py py-mod docutils literal"><span class="pre">crypt</span></tt></a> &#8212; Function to check Unix passwords<a class="headerlink" href="#module-crypt" title="Permalink to this headline">¶</a></h1>
<p id="index-0">This module implements an interface to the <em class="manpage">crypt(3)</em> routine, which is
a one-way hash function based upon a modified DES algorithm; see the Unix man
page for further details.  Possible uses include storing hashed passwords
so you can check passwords without storing the actual password, or attempting
to crack Unix passwords with a dictionary.</p>
<p id="index-1">Notice that the behavior of this module depends on the actual implementation  of
the <em class="manpage">crypt(3)</em> routine in the running system.  Therefore, any
extensions available on the current implementation will also  be available on
this module.</p>
<div class="section" id="hashing-methods">
<h2>35.5.1. Hashing Methods<a class="headerlink" href="#hashing-methods" title="Permalink to this headline">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><tt class="xref py py-mod docutils literal"><span class="pre">crypt</span></tt></a> module defines the list of hashing methods (not all methods
are available on all platforms):</p>
<dl class="data">
<dt id="crypt.METHOD_SHA512">
<tt class="descclassname">crypt.</tt><tt class="descname">METHOD_SHA512</tt><a class="headerlink" href="#crypt.METHOD_SHA512" title="Permalink to this definition">¶</a></dt>
<dd><p>A Modular Crypt Format method with 16 character salt and 86 character
hash.  This is the strongest method.</p>
</dd></dl>

<dl class="data">
<dt id="crypt.METHOD_SHA256">
<tt class="descclassname">crypt.</tt><tt class="descname">METHOD_SHA256</tt><a class="headerlink" href="#crypt.METHOD_SHA256" title="Permalink to this definition">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 16 character salt and 43
character hash.</p>
</dd></dl>

<dl class="data">
<dt id="crypt.METHOD_MD5">
<tt class="descclassname">crypt.</tt><tt class="descname">METHOD_MD5</tt><a class="headerlink" href="#crypt.METHOD_MD5" title="Permalink to this definition">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 8 character salt and 22
character hash.</p>
</dd></dl>

<dl class="data">
<dt id="crypt.METHOD_CRYPT">
<tt class="descclassname">crypt.</tt><tt class="descname">METHOD_CRYPT</tt><a class="headerlink" href="#crypt.METHOD_CRYPT" title="Permalink to this definition">¶</a></dt>
<dd><p>The traditional method with a 2 character salt and 13 characters of
hash.  This is the weakest method.</p>
</dd></dl>

</div>
<div class="section" id="module-attributes">
<h2>35.5.2. Module Attributes<a class="headerlink" href="#module-attributes" title="Permalink to this headline">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
<dl class="attribute">
<dt id="crypt.methods">
<tt class="descclassname">crypt.</tt><tt class="descname">methods</tt><a class="headerlink" href="#crypt.methods" title="Permalink to this definition">¶</a></dt>
<dd><p>A list of available password hashing algorithms, as
<tt class="docutils literal"><span class="pre">crypt.METHOD_*</span></tt> objects.  This list is sorted from strongest to
weakest, and is guaranteed to have at least <tt class="docutils literal"><span class="pre">crypt.METHOD_CRYPT</span></tt>.</p>
</dd></dl>

</div>
<div class="section" id="module-functions">
<h2>35.5.3. Module Functions<a class="headerlink" href="#module-functions" title="Permalink to this headline">¶</a></h2>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><tt class="xref py py-mod docutils literal"><span class="pre">crypt</span></tt></a> module defines the following functions:</p>
<dl class="function">
<dt id="crypt.crypt">
<tt class="descclassname">crypt.</tt><tt class="descname">crypt</tt><big>(</big><em>word</em>, <em>salt=None</em><big>)</big><a class="headerlink" href="#crypt.crypt" title="Permalink to this definition">¶</a></dt>
<dd><p><em>word</em> will usually be a user&#8217;s password as typed at a prompt or  in a graphical
interface.  The optional <em>salt</em> is either a string as returned from
<a class="reference internal" href="#crypt.mksalt" title="crypt.mksalt"><tt class="xref py py-func docutils literal"><span class="pre">mksalt()</span></tt></a>, one of the <tt class="docutils literal"><span class="pre">crypt.METHOD_*</span></tt> values (though not all
may be available on all platforms), or a full encrypted password
including salt, as returned by this function.  If <em>salt</em> is not
provided, the strongest method will be used (as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><tt class="xref py py-func docutils literal"><span class="pre">methods()</span></tt></a>.</p>
<p>Checking a password is usually done by passing the plain-text password
as <em>word</em> and the full results of a previous <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><tt class="xref py py-func docutils literal"><span class="pre">crypt()</span></tt></a> call,
which should be the same as the results of this call.</p>
<p><em>salt</em> (either a random 2 or 16 character string, possibly prefixed with
<tt class="docutils literal"><span class="pre">$digit$</span></tt> to indicate the method) which will be used to perturb the
encryption algorithm.  The characters in <em>salt</em> must be in the set
<tt class="docutils literal"><span class="pre">[./a-zA-Z0-9]</span></tt>, with the exception of Modular Crypt Format which
prefixes a <tt class="docutils literal"><span class="pre">$digit$</span></tt>.</p>
<p>Returns the hashed password as a string, which will be composed of
characters from the same alphabet as the salt.</p>
<p id="index-2">Since a few <em class="manpage">crypt(3)</em> extensions allow different values, with
different sizes in the <em>salt</em>, it is recommended to use  the full crypted
password as salt when checking for a password.</p>
<div class="versionchanged">
<p><span class="versionmodified">Changed in version 3.3: </span>Accept <tt class="docutils literal"><span class="pre">crypt.METHOD_*</span></tt> values in addition to strings for <em>salt</em>.</p>
</div>
</dd></dl>

<dl class="function">
<dt id="crypt.mksalt">
<tt class="descclassname">crypt.</tt><tt class="descname">mksalt</tt><big>(</big><em>method=None</em><big>)</big><a class="headerlink" href="#crypt.mksalt" title="Permalink to this definition">¶</a></dt>
<dd><p>Return a randomly generated salt of the specified method.  If no
<em>method</em> is given, the strongest method available as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><tt class="xref py py-func docutils literal"><span class="pre">methods()</span></tt></a> is used.</p>
<p>The return value is a string either of 2 characters in length for
<tt class="docutils literal"><span class="pre">crypt.METHOD_CRYPT</span></tt>, or 19 characters starting with <tt class="docutils literal"><span class="pre">$digit$</span></tt> and
16 random characters from the set <tt class="docutils literal"><span class="pre">[./a-zA-Z0-9]</span></tt>, suitable for
passing as the <em>salt</em> argument to <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><tt class="xref py py-func docutils literal"><span class="pre">crypt()</span></tt></a>.</p>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
</dd></dl>

</div>
<div class="section" id="examples">
<h2>35.5.4. Examples<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2>
<p>A simple example illustrating typical use (a constant-time comparison
operation is needed to limit exposure to timing attacks.
<a class="reference internal" href="hmac.html#hmac.compare_digest" title="hmac.compare_digest"><tt class="xref py py-func docutils literal"><span class="pre">hmac.compare_digest()</span></tt></a> is suitable for this purpose):</p>
<div class="highlight-python3"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">pwd</span>
<span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">import</span> <span class="nn">getpass</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>

<span class="k">def</span> <span class="nf">login</span><span class="p">():</span>
    <span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s">&#39;Python login: &#39;</span><span class="p">)</span>
    <span class="n">cryptedpasswd</span> <span class="o">=</span> <span class="n">pwd</span><span class="o">.</span><span class="n">getpwnam</span><span class="p">(</span><span class="n">username</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
    <span class="k">if</span> <span class="n">cryptedpasswd</span><span class="p">:</span>
        <span class="k">if</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s">&#39;x&#39;</span> <span class="ow">or</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s">&#39;*&#39;</span><span class="p">:</span>
            <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s">&#39;no support for shadow passwords&#39;</span><span class="p">)</span>
        <span class="n">cleartext</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">()</span>
        <span class="k">return</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">cleartext</span><span class="p">,</span> <span class="n">cryptedpasswd</span><span class="p">),</span> <span class="n">cryptedpasswd</span><span class="p">)</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="k">return</span> <span class="k">True</span>
</pre></div>
</div>
<p>To generate a hash of a password using the strongest available method and
check it against the original:</p>
<div class="highlight-python3"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>

<span class="n">hashed</span> <span class="o">=</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">hashed</span><span class="p">,</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">,</span> <span class="n">hashed</span><span class="p">)):</span>
   <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s">&quot;hashed version doesn&#39;t validate against original&quot;</span><span class="p">)</span>
</pre></div>
</div>
</div>
</div>


          </div>
        </div>
      </div>
      <div class="sphinxsidebar">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../contents.html">Table Of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">35.5. <tt class="docutils literal"><span class="pre">crypt</span></tt> &#8212; Function to check Unix passwords</a><ul>
<li><a class="reference internal" href="#hashing-methods">35.5.1. Hashing Methods</a></li>
<li><a class="reference internal" href="#module-attributes">35.5.2. Module Attributes</a></li>
<li><a class="reference internal" href="#module-functions">35.5.3. Module Functions</a></li>
<li><a class="reference internal" href="#examples">35.5.4. Examples</a></li>
</ul>
</li>
</ul>

  <h4>Previous topic</h4>
  <p class="topless"><a href="grp.html"
                        title="previous chapter">35.4. <tt class="docutils literal"><span class="pre">grp</span></tt> &#8212; The group database</a></p>
  <h4>Next topic</h4>
  <p class="topless"><a href="termios.html"
                        title="next chapter">35.6. <tt class="docutils literal"><span class="pre">termios</span></tt> &#8212; POSIX style tty control</a></p>
<h3>This Page</h3>
<ul class="this-page-menu">
  <li><a href="../bugs.html">Report a Bug</a></li>
  <li><a href="../_sources/library/crypt.txt"
         rel="nofollow">Show Source</a></li>
</ul>

<div id="searchbox" style="display: none">
  <h3>Quick search</h3>
    <form class="search" action="../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    <p class="searchtip" style="font-size: 90%">
    Enter search terms or a module, class or function name.
    </p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>  
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../genindex.html" title="General Index"
             >index</a></li>
        <li class="right" >
          <a href="../py-modindex.html" title="Python Module Index"
             >modules</a> |</li>
        <li class="right" >
          <a href="termios.html" title="35.6. termios — POSIX style tty control"
             >next</a> |</li>
        <li class="right" >
          <a href="grp.html" title="35.4. grp — The group database"
             >previous</a> |</li>
        <li><img src="../_static/py.png" alt=""
                 style="vertical-align: middle; margin-top: -1px"/></li>
        <li><a href="https://www.python.org/">Python</a> &raquo;</li>
        <li>
          <span class="version_switcher_placeholder">3.4.3</span>
          <a href="../index.html">Documentation</a> &raquo;
        </li>

          <li><a href="index.html" >The Python Standard Library</a> &raquo;</li>
          <li><a href="unix.html" >35. Unix Specific Services</a> &raquo;</li> 
      </ul>
    </div>  
    <div class="footer">
    &copy; <a href="../copyright.html">Copyright</a> 1990-2015, Python Software Foundation.
    <br />
    The Python Software Foundation is a non-profit corporation.
    <a href="https://www.python.org/psf/donations/">Please donate.</a>
    <br />
    Last updated on Feb 26, 2015.
    <a href="../bugs.html">Found a bug</a>?
    <br />
    Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.2.3.
    </div>

  </body>
</html>